IC-card portable electronic devices like digital assistants, smart phones and other similar devices contain hardware components to store and execute executable program. In particular, a generic hardware architecture is formed by two main blocks. The first block comprises a non-volatile memory unit and a program counter. The second block comprises a data memory, registers and a stack, as schematically shown in FIG. 1.
IC-card portable electronic devices are often times based on a virtual machine architecture. The virtual machine architecture is implemented on top of a hardware architecture, and is similar to the one described above for a generic hardware architecture. Few differences can be noted. The virtual machine architecture is stack-based so that it has no general purpose registers. As stated for a generic hardware architecture, the virtual machine architecture also stores executable programs inside the non-volatile memory unit.
The virtual machine architecture provides a layer of abstraction between the compiled program and the underlying hardware architecture and operating system, playing a central role in portability.
A non-volatile memory unit, not depending on the machine architecture, is readable by connecting the IC-card portable electronic device to a PC through a specific interface or by using diagnostic software released by the device manufacturer, generally known as software drivers.
Software drivers can be also downloaded from manufacturer support Internet sites and, in the worst case, they can be copied and simulated by hackers. In this respect, non-volatile memory units cannot be considered a secure support for storing the plain version of an executable program.
Executable programs are stored in the non-volatile memory unit in a non-encrypted way because they are to be executed. Executable programs stored in a plain format are in danger because, potentially, they can be copied and reproduced.
Software providers may want to transmit or download executable programs in a secure manner so to prevent the executable programs from being stolen in the transmission channel, or across device interfaces.
European Patent Application No. 1,253,503 relates to the encryption of a source code intended to be executed in an electronic device in a high level programming language. More particularly, this document teaches that the security in communications between the electronic device and an IC-card can be improved by introducing scrambling-descrambling through an encrypted source code and an external unit in which a decryption key for decrypting the encrypted source code is stored.
A protection of mass data is instead described in U.S. Published Patent Application No. 2003/0163718, and is provided by mapping a plurality of virtual addresses onto randomly selected actual addresses.
Even the improved security cited in the above documents protects communications between an external unit and an electronic device, or the mass data storage. The tracking of the source code is not prevented during its execution in a virtual or hardware processor of the same electronic device. For example, this may be when an operand of the source code is temporary stored inside a register or a stack of the virtual or hardware processor of the electronic device.
U.S Published Patent Application No. 2004/0136530 describes a method to protect source code and/or generic data intended to be executed by an electronic device with encrypted data being identified through a corresponding extra bit present in each memory cell. In this case, a basic architecture of the electronic device, such as volatile and/or non-volatile memory structures, are modified to host the extra bits and the whole memory is encrypted using internal keys.
Another prior art document, U.S. Published Patent Application No. 2001/0037450 describers a method of developing a protected software application comprising identifying segments according to a protected instruction set. More particularly, a portion of a source code, coded in a first language and intended to be executed by an electronic device, is compiled in a second language and is decoded and executed in the second language by a processing unit external to the electronic device. An external processing unit is usually much slower and more limited than the electronic device. Moreover, implementing such an approach is usually expensive because it requires an additional external unit provided with higher computational power with respect to the power of the electronic device to improve security. This document also specifies that the source code in the first language is completely recompiled and is protected by an asymmetric cryptography.
In such an approach, even if the source code is protected, the execution is delayed because the entire portion of the source code is to be recompiled. The asymmetric cryptography is slower than symmetric cryptography, and introduces an additional delay. Moreover, this prior art document also does not prevent the tracking of a source code when its operands are temporary stored inside a register or a stack.